Glass Acquisition and Analysis

Google Glass, developed by Google, is an embedded device running the Android operating system. The device is only available to a limited number of users for testing and development purposes. Google also provides a limited number of applications; however, the platform and development kit are available for owners and developers to explore the device. The device can be used to take photos and videos and to listen to music. When connected to a phone, more capabilities become available to the user, such as searching the web, reading and sending emails, reading and sending text messages, and providing navigation directions via GPS. In this lab exercise, a Google Glass device is explored forensically to provide insight into the process of data acquisition and analysis.

The device has been physically acquired and will be imaged using the proper devices, then forensically examined using appropriate tools. Evidence will be collected methodically for further use. Manufacturer manuals and other known forensically sound methods will be used as general guidelines for the process.

Keywords: Google Glass, Digital Investigation, Forensic Evidence.

Steps of the process

Acquisition

Once the proper legal documents for acquiring the Google Glass device in question are in hand, the device should be inspected immediately, and different steps should be taken based on the status of the device:

Powered On:

Seal in proper material to prevent connectivity and signals

Maintain Battery and Power

Powered Off:

Do not turn it on

Seal in proper material to prevent connectivity and signals

During this phase, all outside information such as device name, serial number, owner of the device, time of acquisition, location, investigator’s name, and all chain of custody information should be noted down and written on the transportation medium.

Physical Inspection

The device was identified as Google Glass Explorer Edition and was inspected physically to note down the inputs and outputs of the system. From Figure 1 the following inputs were noted (Google Glass Team, 2013).

A small glass display screen

Camera with 5 MP and Video of 720P resolution

Wi-Fi 802.11b, 802.11g

Side panel touch pad

Bone Conduction Transducer

Figure 1 Google Glass Product Specifications

Reading more about the device's specifications and capabilities provides insight into its limits, and therefore into the boundaries of our search and analysis. Google Glass has the following:

The device has a modified version of Android 4.0.4, known as Ice Cream Sandwich.

1.20GHz Texas Instruments OMAP 4430 CPU

2100mAh battery

Applications & Tools

The following applications are used to forensically examine the device. The following descriptions have been captured from the developer’s website and manuals.

FTK® Imager, “is a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool such as AccessData® Forensic Toolkit® (FTK) is warranted. FTK Imager can also create perfect copies (forensic images) of computer data without making changes to the original evidence” (AccessData, 2012).

Autopsy®, “is an open source digital investigation tools (a.k.a. digital forensic tools) that run on Windows, Linux, OS X, and other Unix systems. They can be used to analyze disk images and perform in-depth analysis of file systems (such as NTFS, FAT, HFS+, Ext3, and UFS) and several volume system types” (SleuthKit, 2003).

Shattered, a script written to pull data out of Google Glass, the result of research done at Champlain College by Professor Jon Rajewski, Julie Desautels and Chapin Bryce (Bryce, Desautels, & Rajewski, 2013).

Logical Inspection

The device uses the Media Transfer Protocol (MTP), which limits access to the storage media in the device. MTP devices connected via USB cannot be imaged with FTK or similar software. MTP provides access to two folders, DCIM and Pictures. Pictures and videos are the file types available, and they can be easily copied and investigated. However, deleted files are not shown and at this stage are not retrievable.
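Because MTP only allows a logical copy of DCIM and Pictures, the integrity of that copy has to be established file by file rather than with a single image hash. The following is an added example, not part of the original lab or of any tool named above: it builds a SHA-256 manifest of the copied folders and later reports changed, missing or added files. The file names and contents in demo() are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

MTP_FOLDERS = ("DCIM", "Pictures")  # the two folders the text says MTP exposes

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(copy_root):
    """Hash every file under the copied DCIM/ and Pictures/ folders."""
    root = Path(copy_root)
    entries = {}
    for folder in MTP_FOLDERS:
        for p in sorted((root / folder).rglob("*")):
            if p.is_file():
                rel = p.relative_to(root).as_posix()
                entries[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return entries

def verify_manifest(copy_root, manifest):
    """Return (changed, missing, added) relative paths versus the manifest."""
    current = build_manifest(copy_root)
    changed = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    added = sorted(k for k in current if k not in manifest)
    return changed, missing, added

def demo():
    # Constructed sample files standing in for a logical copy taken over MTP.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "DCIM" / "Camera").mkdir(parents=True)
        (root / "Pictures").mkdir()
        (root / "DCIM" / "Camera" / "20130801_120000.jpg").write_bytes(b"\xff\xd8constructed-jpeg")
        (root / "Pictures" / "clip.mp4").write_bytes(b"constructed-video")
        manifest = build_manifest(root)          # recorded at acquisition time
        clean = verify_manifest(root, manifest)  # untouched working copy
        # Simulate an analysis tool altering the working copy afterwards.
        (root / "Pictures" / "clip.mp4").write_bytes(b"constructed-video-edited")
        (root / "Pictures" / "new.jpg").write_bytes(b"x")
        tampered = verify_manifest(root, manifest)
        return manifest, clean, tampered

if __name__ == "__main__":
    print(demo()[2])
```

The manifest belongs with the chain of custody record, so that any later working copy can be checked against the state at acquisition time.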

By further investigating the device and contacting Google, it was confirmed that the device has only one partition, which includes the firmware, operating system, user settings and user files.

Nevertheless, if root access were available, the following steps could be used to acquire an image and pull information out of Google Glass.

Issues or problems

It was very difficult to get root access on the Google Glass device. In fact, only one vulnerability has been exposed, and it is attributed to JavaScript. Nonetheless, since Bluetooth is an input, several attacks and weaknesses are available that could be taken advantage of. Unfortunately, this was very difficult to execute due to a lack of appropriate tools and background in the Linux environment.

Conclusions

Embedded devices are made to be user friendly and hassle free for the provider company. Therefore, limitations are put in place to restrict user capabilities, which in turn lowers the number of issues that the company's support will need to deal with. Unfortunately, that also adds a burden and another layer of difficulty to properly and forensically analyzing such devices. Nonetheless, some forensic sciences are destructive in nature, and the evidence collected does not stay intact or the same after examination. Being at the edge of technology, this fact might come into play in dealing with embedded devices such as Google Glass.

Proper administrator privilege is important for accessing all files and sectors available. However, by finding a vulnerability that can be exploited, such privilege can be obtained temporarily or permanently. With root-level access in Google Glass, all information available could be easily obtained and deleted images could be recovered. Without it, however, only a limited amount of information is available. In this lab I was faced with two choices: try exploiting the Android system to gain privilege, or root and unlock the device, which might delete evidence in the process. In conclusion, a strong background in Linux systems would be very helpful in order to interact with Google Glass and the Android OS.
